Class OpenIdSession

  • All Implemented Interfaces:
    Session

    public final class OpenIdSession
    extends Object
    implements Session
    A session implementation for use with OpenID Connect ID Tokens.
    • Field Detail

      • ID_TOKEN

        public static final URI ID_TOKEN
    • Method Detail

      • ofIdToken

        public static Session ofIdToken(String idToken)
        Create a session from an ID token, using the default validation rules.
        Parameters:
        idToken - the ID Token
        Returns:
        the session
      • ofIdToken

        public static Session ofIdToken(String idToken,
                                        OpenIdConfig config)
        Create a session from an ID token, using a specific validation configuration.
        Parameters:
        idToken - the ID Token
        config - the validation configuration
        Returns:
        the session
      • ofClientCredentials

        public static Session ofClientCredentials(URI issuer,
                                                  String clientId,
                                                  String clientSecret,
                                                  String authMethod)
        Create a session using OAuth2 client credentials.
        Parameters:
        issuer - the OpenID Provider URL
        clientId - the client id value
        clientSecret - the client secret value
        authMethod - the authentication mechanism (e.g. client_secret_post or client_secret_basic)
        Returns:
        the session
      • ofClientCredentials

        public static Session ofClientCredentials(OpenIdProvider provider,
                                                  String clientId,
                                                  String clientSecret,
                                                  String authMethod,
                                                  OpenIdConfig config)
        Create a session using OAuth2 client credentials.
        Parameters:
        provider - an OpenID Provider instance
        clientId - the client id value
        clientSecret - the client secret value
        authMethod - the authentication mechanism (e.g. client_secret_post or client_secret_basic)
        config - the ID token verification config
        Returns:
        the session
      • getId

        public String getId()
        Description copied from interface: Session
        Retrieve the identifier associated with this session.
        Specified by:
        getId in interface Session
        Returns:
        a session identifier
      • getPrincipal

        public Optional<URI> getPrincipal()
        Description copied from interface: Session
        Retrieve the principal associated with this session.

        Typically, this will be a WebID or other globally unique value.

        Specified by:
        getPrincipal in interface Session
        Returns:
        the principal identifier, if present
      • supportedSchemes

        public Set<String> supportedSchemes()
        Description copied from interface: Session
        Retrieve the authentication schemes supported by this session.
        Specified by:
        supportedSchemes in interface Session
        Returns:
        the scheme identifiers
      • getCredential

        public Optional<Credential> getCredential(URI name,
                                                  URI uri)
        Description copied from interface: Session
        Retrieve a credential from this session.
        Specified by:
        getCredential in interface Session
        Parameters:
        name - the credential name
        uri - the request URI
        Returns:
        the credential, if present
      • selectThumbprint

        public Optional<String> selectThumbprint(Collection<String> algorithms)
        Description copied from interface: Session
        Select the thumbprint from a set of candidate algorithms.
        Specified by:
        selectThumbprint in interface Session
        Parameters:
        algorithms - the supported algorithms
        Returns:
        the keypair thumbprint
      • generateProof

        public Optional<String> generateProof(String jkt,
                                              Request request)
        Description copied from interface: Session
        Generate a proof for a request.
        Specified by:
        generateProof in interface Session
        Parameters:
        jkt - the JSON Key thumbprint for the proof key
        request - the request
        Returns:
        a proof token
      • fromCache

        public Optional<Credential> fromCache(Request request)
        Description copied from interface: Session
        Retrieve an access token for a request from a cache.
        Specified by:
        fromCache in interface Session
        Parameters:
        request - the HTTP request
        Returns:
        the access token, if present
      • reset

        public void reset()
        Description copied from interface: Session
        Reset the session state, clearing any internal caches.
        Specified by:
        reset in interface Session
      • authenticate

        public CompletionStage<Optional<Credential>> authenticate(Authenticator auth,
                                                                  Request request,
                                                                  Set<String> algorithms)
        Description copied from interface: Session
        Fetch an authentication token from session values.
        Specified by:
        authenticate in interface Session
        Parameters:
        auth - the authenticator in use
        request - the HTTP request
        algorithms - the supported DPoP algorithms
        Returns:
        the next stage of completion, containing an access token, if present
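
The `jkt` argument of `generateProof` and the value returned by `selectThumbprint` are JSON Web Key thumbprints of the DPoP proof key. The following is an added example, not code from this library: it computes the RFC 7638 SHA-256 thumbprint of an ES256 (P-256) public key using only the JDK, which is the form DPoP (RFC 9449) uses for `jkt`. The class name `JktExample`, the freshly generated key, and the premise that this library's thumbprints follow RFC 7638 are assumptions.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.Base64;

// Hypothetical class name; illustrates the thumbprint format only.
public class JktExample {

    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    // Encode a coordinate as a fixed-width, unsigned, big-endian octet string.
    // BigInteger.toByteArray() may add a leading sign byte or drop leading zeros.
    static String coordinate(BigInteger value, int length) {
        byte[] raw = value.toByteArray();
        byte[] fixed = new byte[length];
        int n = Math.min(raw.length, length);
        System.arraycopy(raw, raw.length - n, fixed, length - n, n);
        return B64URL.encodeToString(fixed);
    }

    // RFC 7638 thumbprint of a P-256 public key.
    static String thumbprint(ECPublicKey key) throws Exception {
        if (key.getParams().getCurve().getField().getFieldSize() != 256) {
            throw new IllegalArgumentException("only P-256 keys are handled here");
        }
        String x = coordinate(key.getW().getAffineX(), 32);
        String y = coordinate(key.getW().getAffineY(), 32);
        // Required members only, in lexicographic order, with no whitespace.
        String json = "{\"crv\":\"P-256\",\"kty\":\"EC\",\"x\":\"" + x + "\",\"y\":\"" + y + "\"}";
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(json.getBytes(StandardCharsets.UTF_8));
        return B64URL.encodeToString(digest);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key; a real proof key is held by the session.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair pair = gen.generateKeyPair();
        System.out.println("jkt = " + thumbprint((ECPublicKey) pair.getPublic()));
    }
}
```

The thumbprint covers only the public key members, so it can be logged or compared when checking that a proof was signed with the expected key.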